One of the most common questions we receive is “Which cloud is right for us?”. Understanding the differences between Commercial, GCC and GCC High Microsoft 365 environments is important, and almost directly aligns to your compliance needs. Before making the decision, it is important to understand the differences between these environments. Check out our video focused on Compliance in GCC High.

What is Microsoft 365 Commercial?

Commercial Microsoft 365 is the standard Microsoft 365 cloud. It is where Enterprise, Business Essentials, Academic and even home Office 365 tenants reside. It has the most features and tools, nearly global availability, and the lowest prices. Everyone qualifies and no validations are needed.

Compliance frameworks that can reside in commercial include HIPAA/HITECH, NIST 800-53, PCI-DSS, GDPR, CCPA, etc. In many cases, security and compliance needs can be met in commercial through tools like Enterprise Mobility and Security, Intune, Compliance Center, Cloud App Security, Azure Information Protection and the various Advanced Threat Protection (ATP) tools.

It is not meant for government or defense compliance and should not be used for such, as it shares a global infrastructure and workforce. There is the possibility that an organization could meet FedRAMP moderate impact in Microsoft 365 Commercial, but it would need to be heavily augmented with additional tools. The expense, complexity, and risk involved make this an undesirable state, which would be impacted by any changes Microsoft makes to the environment, while leaving you on the hook to patch any gaps. Although it is not officially asserted yet, it is expected that Microsoft 365 commercial meets CMMC Level 1 and 2 requirements.

GCC, Government Community Cloud, can essentially be thought of as a government-focused copy of the commercial environment. It has many of the same features, but features data centers ONLY in the continental United States (CONUS), as mandated by FedRAMP Moderate.

Compliance frameworks that can be met in GCC include:

- DFARS 252.204-7012 (As of February 2021 Microsoft will now attest to compliance).
- DoD SRG Level 2 (with no provisional authority).
- FBI CJIS (Criminal Justice Information Services).

It is important to note that GCC is 100% insufficient for ITAR, EAR and most Controlled Unclassified Information (CUI) and Controlled Defense Information (CDI) handling. The reason behind this is that the identity component and network that GCC resides on is Azure Commercial and does not meet import/export controls, since it is global and access is not limited to U.S. citizens.

GCC Employee Background Checks

Additionally, with GCC we begin to see additional employee background checks to meet various federal, state, and local government requirements.

- Verification of seven (7) year employment history
- A seven (7) year criminal record check for felony and misdemeanor offenses at the state, county, and local level and at the federal level
- Verification that the provided SSN is valid
- Office of Foreign Assets Control List (OFAC)